General
Target: 8c23f9c9fd9e4191ca5a6a9af791749c55cc59b50a0d1375c6bac51200546a83
Size: 386KB
Sample: 220521-af4fbaabg6
MD5: aad0a24dbd295b6e01f84b1027b083d9
SHA1: 3fbe9f1d08ff3dd57373064938aadf188a27dd4a
SHA256: 8c23f9c9fd9e4191ca5a6a9af791749c55cc59b50a0d1375c6bac51200546a83
SHA512: 2bcb4183a38f0e8c3869486b09b01c1a2481b8e0ad2634ec203960d0a7aed861beb7cefd719e9f9358df29da1031af109779b4473869676438529d9837167bd8
Static task: static1
Behavioral task: behavioral1
Sample: Consignmet Details AWB-7253-8341 pdf.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Consignmet Details AWB-7253-8341 pdf.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted
agenttesla
Protocol: smtp
Host: mail.flood-protection.org
Port: 587
Username: [email protected]
Password: gee2424@
Targets
Target: Consignmet Details AWB-7253-8341 pdf.exe
Size: 562KB
MD5: d46026eb47c65468dce41badcc2dca4d
SHA1: 334b7a44a762907195a65988bec0294235641d35
SHA256: ac2a8ec48860c4d9d76c6f04dae47225b44aca9fca3ab4ec6adb3c81d268cb00
SHA512: 9549d136d730f99f28f871635b519efec921926658d77e3e0de0a0cb092ed2e1c01d18e7e0b823a41e62bba09f324bf47221a0b6a84f89ce46956546ef79b843
AgentTesla
Agent Tesla is a remote access tool (RAT) written in Visual Basic.
AgentTesla Payload
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext